IOC Report
https://na2.docusign.net/Signing/EmailStart.aspx?a=00c6a14e-a8e7-4223-9765-b10754976206&etti=24&acct=77b54376-cfe0-40a4-ada4-41dcbd6fe4fa&er=61ed0986-cfa5-49af-9b2c-480985e92055

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:03:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:03:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:03:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:03:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 11:03:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 242 | ASCII text, with very long lines (6455) | downloaded | |
| Chrome Cache Entry: 246 | ASCII text, with no line terminators | dropped | |
| Chrome Cache Entry: 247 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 249 | Unicode text, UTF-8 text, with very long lines (65452) | downloaded | |
| Chrome Cache Entry: 256 | ASCII text, with very long lines (57931) | dropped | |
| Chrome Cache Entry: 257 | ASCII text, with very long lines (65448) | downloaded | |
| Chrome Cache Entry: 260 | Unicode text, UTF-8 text, with very long lines (63087) | dropped | |
| Chrome Cache Entry: 263 | Unicode text, UTF-8 text, with very long lines (30984) | dropped | |
| Chrome Cache Entry: 264 | MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel | dropped | |
| Chrome Cache Entry: 265 | ASCII text, with very long lines (65448) | dropped | |
| Chrome Cache Entry: 267 | ASCII text, with very long lines (65440) | downloaded | |
| Chrome Cache Entry: 268 | ASCII text, with very long lines (65457) | downloaded | |
| Chrome Cache Entry: 269 | GIF image data, version 89a, 145 x 60 | downloaded | |
| Chrome Cache Entry: 270 | ASCII text, with very long lines (20077) | downloaded | |
| Chrome Cache Entry: 273 | ASCII text, with very long lines (27372) | downloaded | |
| Chrome Cache Entry: 275 | ASCII text | downloaded | |
| Chrome Cache Entry: 276 | HTML document, ASCII text, with very long lines (334), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 278 | Unicode text, UTF-8 text, with very long lines (65439) | downloaded | |
| Chrome Cache Entry: 279 | ASCII text, with very long lines (65448) | dropped | |
| Chrome Cache Entry: 283 | PNG image data, 79 x 79, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 284 | ASCII text, with very long lines (12839) | downloaded | |
| Chrome Cache Entry: 285 | ASCII text, with very long lines (65448) | dropped | |
| Chrome Cache Entry: 286 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 287 | ASCII text, with very long lines (19766) | downloaded | |
| Chrome Cache Entry: 292 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 296 | ASCII text, with very long lines (65448) | downloaded | |
| Chrome Cache Entry: 297 | ASCII text, with very long lines (65447) | downloaded | |
| Chrome Cache Entry: 299 | ASCII text, with very long lines (17950) | downloaded | |
| Chrome Cache Entry: 304 | Unicode text, UTF-8 text, with very long lines (13863) | dropped | |
| Chrome Cache Entry: 305 | ASCII text, with very long lines (65448) | downloaded | |
| Chrome Cache Entry: 308 | Web Open Font Format (Version 2), TrueType, length 29516, version 1.0 | downloaded | |
| Chrome Cache Entry: 311 | ASCII text, with very long lines (17329) | downloaded | |
| Chrome Cache Entry: 312 | ASCII text, with very long lines (46070) | downloaded | |
| Chrome Cache Entry: 313 | ASCII text, with very long lines (65447) | downloaded | |
| Chrome Cache Entry: 314 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 315 | Web Open Font Format (Version 2), TrueType, length 31468, version 1.0 | downloaded | |
| Chrome Cache Entry: 318 | ASCII text, with very long lines (17204) | downloaded | |
| Chrome Cache Entry: 320 | JSON data | dropped | |
| Chrome Cache Entry: 322 | PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 323 | ASCII text | downloaded | |
| Chrome Cache Entry: 326 | ASCII text, with very long lines (65446) | dropped | |
| Chrome Cache Entry: 327 | ASCII text, with very long lines (27974) | downloaded | |
| Chrome Cache Entry: 329 | Unicode text, UTF-8 text, with very long lines (65169) | downloaded | |
| Chrome Cache Entry: 330 | Unicode text, UTF-8 text, with very long lines (65446) | dropped | |
| Chrome Cache Entry: 332 | Unicode text, UTF-8 text, with very long lines (65433) | dropped | |
| Chrome Cache Entry: 333 | ASCII text, with very long lines (7965) | downloaded | |
| Chrome Cache Entry: 334 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 335 | ASCII text | dropped | |
| Chrome Cache Entry: 337 | ASCII text, with very long lines (20560) | downloaded | |
| Chrome Cache Entry: 340 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 341 | ASCII text, with very long lines (65438) | downloaded | |
| Chrome Cache Entry: 342 | ASCII text, with very long lines (631), with no line terminators | dropped | |
| Chrome Cache Entry: 343 | ASCII text, with very long lines (9377) | downloaded | |
| Chrome Cache Entry: 345 | ASCII text, with very long lines (65448) | downloaded | |
| Chrome Cache Entry: 346 | ASCII text, with very long lines (52240) | downloaded | |
| Chrome Cache Entry: 347 | ASCII text, with very long lines (16718) | dropped | |
| Chrome Cache Entry: 349 | ASCII text, with very long lines (65448) | downloaded | |
| Chrome Cache Entry: 350 | Unicode text, UTF-8 text, with very long lines (16888) | dropped | |
| Chrome Cache Entry: 352 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 353 | ASCII text, with very long lines (9667) | dropped | |
| Chrome Cache Entry: 354 | HTML document, ASCII text, with very long lines (65448) | downloaded | |
| Chrome Cache Entry: 355 | Web Open Font Format, TrueType, length 13780, version 1.0 | downloaded | |
| Chrome Cache Entry: 357 | ASCII text, with very long lines (32844) | downloaded | |
| Chrome Cache Entry: 359 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 360 | ASCII text, with very long lines (30012) | dropped | |
| Chrome Cache Entry: 361 | ASCII text, with very long lines (65443) | downloaded | |
| Chrome Cache Entry: 362 | ASCII text, with very long lines (21847) | dropped | |
| Chrome Cache Entry: 363 | TrueType Font data, 13 tables, 1st "FFTM" | downloaded | |
| Chrome Cache Entry: 364 | Web Open Font Format, CFF, length 33752, version 0.0 | downloaded | |
| Chrome Cache Entry: 366 | ASCII text, with very long lines (20077) | dropped | |
| Chrome Cache Entry: 367 | ASCII text, with very long lines (11612) | dropped | |

(68 additional file entries are not shown in this extract.)

URLs

| Name | IP | Malicious |
|---|---|---|
| https://na2.docusign.net/Signing/EmailStart.aspx?a=00c6a14e-a8e7-4223-9765-b10754976206&etti=24&acct=77b54376-cfe0-40a4-ada4-41dcbd6fe4fa&er=61ed0986-cfa5-49af-9b2c-480985e92055 | | |
| https://na2.docusign.net/Signing/?ti=037422d42bd9412587ae3907855d546c | | |
| https://qrco.de/bfV79j | | |

Domains

| Name | IP | Malicious |
|---|---|---|
| cdn.optimizely.com | 104.18.65.57 | |
| d2ab0gkja3j0kr.cloudfront.net | 3.161.82.105 | |
| www.google.com | 142.250.186.36 | |
| api.mixpanel.com | 107.178.240.159 | |
| qrco.de | 13.33.187.85 | |
| arya-1323461286.us-west-2.elb.amazonaws.com | 52.42.45.237 | |
| cdn.qr-code-generator.com | unknown | |
| a.docusign.com | unknown | |
| docucdn-a.akamaihd.net | unknown | |
| na2.docusign.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 162.248.185.181 | unknown | United States | |
| 142.250.186.67 | unknown | United States | |
| 104.18.66.57 | unknown | United States | |
| 162.248.185.182 | unknown | United States | |
| 216.58.206.74 | unknown | United States | |
| 142.250.186.174 | unknown | United States | |
| 192.168.2.17 | unknown | unknown | |
| 3.161.82.105 | d2ab0gkja3j0kr.cloudfront.net | United States | |
| 142.250.185.168 | unknown | United States | |
| 107.178.240.159 | api.mixpanel.com | United States | |
| 13.33.187.85 | qrco.de | United States | |
| 34.223.160.188 | unknown | United States | |
| 34.104.35.123 | unknown | United States | |
| 1.1.1.1 | unknown | Australia | |
| 142.250.186.36 | www.google.com | United States | |
| 104.18.65.57 | cdn.optimizely.com | United States | |
| 216.58.206.40 | unknown | United States | |
| 142.250.186.163 | unknown | United States | |
| 52.42.45.237 | arya-1323461286.us-west-2.elb.amazonaws.com | United States | |
| 2.19.126.97 | unknown | European Union | |
| 142.251.173.84 | unknown | United States | |
| 35.190.25.25 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 2.16.168.5 | unknown | European Union | |
| 142.250.186.42 | unknown | United States | |

(15 additional IP entries are not shown in this extract.)